updateSSLOptions doesn't update when the updated secret remain at the same path

[Leo6Leo]

Questions

I encountered a potential bug when using setKeyPath to create new SSLOptions and passing them into updateSSLOptions. The options do not seem to update if the secret is updated at the same path. (With symbolic link)

Version

Affected Version: 4.4.3

Context

Background:
I am working on updating SSL configurations via updateSSLOptions. The paths of the secret files remain unchanged:

• tlsKeyFile: /etc/tls-secret/tls.key
• tlsCrtFile: /etc/tls-secret/tls.crt

However, the content of these secrets does change. It's worth noting that these files use symbolic links.

When I update the SSL options using the path of the secret files:

PemKeyCertOptions keyCertOptions = new PemKeyCertOptions()
    .setKeyPath(tlsKeyFile.getPath())
    .setCertPath(tlsCrtFile.getPath());

httpsServer.updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions));

The secret value in the vert.x server does not update, and it continues to use the old value.

However, when updating the SSL options by passing the value of the secret files:

PemKeyCertOptions keyCertOptions = new PemKeyCertOptions()
    .setCertValue(Buffer.buffer(java.nio.file.Files.readString(tlsCrtFile.toPath())))
    .setKeyValue(Buffer.buffer(java.nio.file.Files.readString(tlsKeyFile.toPath())));

httpsServer.updateSSLOptions(new SSLOptions().setKeyCertOptions(keyCertOptions));

The update proceeds as expected without any issues.

Reproducer

I have created a reproducer for this issue, which can be found at: Reproducer GitHub Repository

Steps to Reproduce

For detailed steps to reproduce the problem, please refer to the README.md file in the linked repository above.

Extra

For a comprehensive discussion on the potential cause of this issue, you can check this discussion thread.

The potential problem I found:
I am not sure whether problem is here or not.
https://github.com/eclipse-vertx/vert.x/blob/6954961d9b723ed245f91b6dedb41b9b09e991bd/src/main/java/io/vertx/core/net/impl/SSLHelper.java#L182C11-L182C71

Because the line if (prev.succeeded() && prev.result().options.equals(options)) { is checking whether the options are the same. If we are using the path, obviously the options doesn't get changed because the file path is the same. And so it doesn't get updated? Correct me if that's wrong.

Thanks for your time.

[vietj]

you can solve this by loading yourself the value in a Vert.x buffer and setting the buffer on the PemKeyCertOption instead of the path

[petarov]

@vietj Thanks for the workaround. It's a great feature but I think this bug will hit me as well. I got Letsencrypt certificates that auto-update every 2 months and file names stay the same. A fix would be great at some point.

[vietj]

I think best here might be to overload the method with a force boolean

[vietj]

a better workaround is to override the options class you are passing and override the equals method of SSLOptions to always return false to force the refresh

[vietj]

I'm trying to find the most adequate solution to this, here are my thoughts

• provide a boolean force providing full control over the update
• implement a better equals based on the content of the stores
• provide a version with a Comparator<SSLOptions> providing a way to control the update for the user, the default comparator would use equals, a positive value would mean to perform the update

[vietj]

we went with the force boolean option to provide full control to the user